I haven't yet read this "SHA-1 collisions now 2^52" paper: http://eurocrypt2009rump.cr.yp.to/837a0a8086fa6ca714249409ddfae43d.pdf
However, I'm interested to know: a. Where in Tahoe are hashes used? b. For each usage, what guarantee is required of the hash? c. If a hash fails, what is the expected behavior of the system? d. For an existing grid how feasible is an upgrade to a new hash format which preserves all data? Having answers to any of these questions would place Tahoe a good step beyond the standard, and I believe it would be a good selling point for enterprise adoption. Nathan ps: For the case of Merkel Trees, are any security guarantees preserved in the face of hash collision attacks? I know that some guarantees are preserved in the face of hash vulnerabilities in HMAC. _______________________________________________ tahoe-dev mailing list [email protected] http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
